rustypaste

A minimal file upload and URL shortener, honestly reviewed. Written in Rust. No database. No drama.

TL;DR

• What it is: A minimal self-hosted pastebin and file upload service written in Rust, built around a single binary and a filesystem [README].
• Who it’s for: Developers, sysadmins, and technically-inclined founders who share files and snippets regularly and want to stop feeding that data through third-party SaaS. Not for non-technical users.
• Cost savings: Pastebin.com Pro runs $19.95–$47.95/year. Self-hosting rustypaste on a $4/mo VPS costs under $50/year with zero upload limits, no ads, no account required for visitors [README].
• Key strength: Dead simple. Single binary, filesystem storage, no database to maintain. Upload via curl and get a URL back in two seconds [README].
• Key weakness: No web UI for uploading — interaction is entirely curl-based unless you find or build a frontend client. No user accounts, no folder structure, no team features. If you need any of those, wrong tool.

---

What is rustypaste

rustypaste is a minimal HTTP pastebin and file upload server. The entire pitch fits in three shell commands:

$ echo "some text" > awesome.txt
$ curl -F "[email protected]" https://paste.site.com
https://paste.site.com/safe-toad.txt
$ curl https://paste.site.com/safe-toad.txt
some text

That’s it. You upload, you get a URL, recipients fetch it. No login wall on the receiving end. No JavaScript required to retrieve a paste. No vendor looking at your files in transit [README].

The project is maintained by Orhun Pekgöz, the same developer behind git-cliff and other Rust open-source tools. As of this writing, rustypaste has 1,145 GitHub stars, 76 forks, and 32 contributors, putting it firmly in “niche but maintained” territory — not a ghost repo, not a category leader [merged profile]. It’s packaged in Arch Linux (AUR and community repos), Alpine Linux Edge, FreeBSD ports, and is available on crates.io as a Rust crate [README].

The project’s self-description — “centralization is bad!” — tells you exactly what kind of tool this is. It’s not solving a business problem. It’s solving a developer hygiene problem: stop pasting sensitive configs and internal URLs into Slack or Pastebin.com.

---

Why people choose it

Dedicated third-party reviews of rustypaste are sparse — it’s a niche infrastructure tool, not an enterprise product with marketing budgets. What exists is mostly mentions in tool roundups alongside alternatives like ExBin, Opengist, and Lstu [1]. That context is actually informative: rustypaste consistently appears in “minimal pastebin” lists rather than “powerful document sharing” lists. Users choose it when they want exactly what it says on the tin and nothing more.

The pattern that emerges from community discussions is consistent:

Versus Pastebin.com and similar SaaS. The main complaint about Pastebin.com isn’t the price — it’s the ads, the requirement for an account to set pastes to private, the rate limits on the free tier, and the fact that sensitive data (API keys, config files, internal URLs) passes through a third party’s servers. rustypaste removes every one of those objections. Pastes are served from your server. No ads. No account walls. No vendor terms-of-service creep [README].

Versus GitHub Gists. Gists require a GitHub account to create and are indexed by default unless you remember to click “secret.” A secret Gist is still on GitHub’s infrastructure, tied to your account, and visible in your activity history. rustypaste has no accounts. A file is a file on a filesystem. You decide what’s exposed [README].

Versus Hastebin / Haste-server. Hastebin is another popular self-hosted pastebin. The key difference: Hastebin uses Redis or a database for storage. rustypaste uses the filesystem only. Simpler dependency tree, simpler backups, simpler reasoning about where your data lives [README].

The Rust angle. rustypaste’s README includes the obligatory “blazingly fast!” line, and while that’s Rust-community meme territory, it’s not wrong. Startup is near-instant. Memory footprint at idle is tiny. If you’re running a cheap VPS and want to leave the process running indefinitely, it won’t eat your RAM [README].

---

Features

Based on the README, here’s what rustypaste actually does:

Core upload and retrieval:

• curl -F "file=@yourfile" upload — works from any shell script or terminal [README]
• Upload from a remote URL: curl -F "remote=https://example.com/file.png" fetches the remote file and stores it on your server [README]
• URL shortening: curl -F "url=https://long-url.com" returns a short redirect [README]
• MIME type guessing — serves files with correct Content-Type headers, with support for overriding or blacklisting specific types [README]
• Force-download via ?download=true query parameter [README]

File naming:

• Three random naming schemes: pet name (e.g., capital-mosquito.txt), alphanumeric string (e.g., yB84D2Dv.txt), or random suffix appended to original filename (e.g., file.MRV5as.tar.gz) [README]
• You can override the filename explicitly [README]

Expiration and one-shot:

• Expiring links: curl -F "[email protected]" -H "expire:10min" — supports nanoseconds through years as units [README]
• Auto-expiration at upload time; auto-deletion of expired files on a configurable interval [README]
• One-shot files: curl -F "[email protected]" — file can be fetched exactly once, then it’s gone [README]
• One-shot URLs: same behavior for URL shortening [README]

Server management:

• Basic HTTP authentication for upload endpoints [README]
• List endpoint to enumerate stored files [README]
• Delete endpoint to remove files from the server [README]
• No-duplicate uploads: optional deduplication by content [README]
• Custom landing page (replace the default index with your own HTML) [README]

Operations:

• Hot-reloading configuration — change config.toml without restarting the server [README]
• Manual or automatic cleanup script for expired files; example cron script provided in the README [README]
• Third-party CLI clients exist (the README links to rpaste, a standalone shell wrapper) [README]

What it doesn’t have:

• No web UI for uploading. The HTML form is server-side and basic; the tool is designed for curl [README].
• No user accounts or multi-tenant access controls. Authentication is a single shared token [README].
• No search, tagging, versioning, or any document-management features [README].
• No database. Everything is flat files. That’s a feature, not an oversight — but it also means no query capability [README].

---

Pricing: SaaS vs self-hosted math

rustypaste has no managed cloud offering. The tool is self-hosted or nothing. So the pricing comparison is against the SaaS alternatives you’d otherwise be using.

Pastebin.com:

• Free: public pastes only, rate-limited, ads, 10MB file size cap
• PRO: $19.95/year (unlimited private pastes, no ads, 25MB cap)
• PRO+: $47.95/year (adds API access, 50MB cap)

GitHub Gists: Free but tied to your GitHub account. No upload-by-curl workflow. Gists don’t support binary file uploads cleanly.

File.io / similar ephemeral services: Free tiers with strict expiration limits and file size caps; paid plans run $8–$20/month.

rustypaste self-hosted:

• Software license: $0 (MIT) [README]
• Server: $4–6/month on Hetzner, Contabo, or DigitalOcean (or free if you’re already running a VPS for other things)
• Storage: whatever disk you provision; no per-file costs
• Upload limits: you set them in config, or you don’t

If you already have a VPS running something else, adding rustypaste costs approximately one binary, one config file, and 30 minutes. The runtime cost is effectively zero since it’s sharing existing infrastructure.

If you spin up a dedicated VPS: $4–6/month, or $48–72/year. Compared to Pastebin.com PRO at $19.95/year, the self-hosted option is actually slightly more expensive if the VPS is dedicated — but that math flips the moment you factor in data sovereignty, no rate limits, no ads, and no vendor lock-in.

For a developer or team already running a home server or cloud VPS: the marginal cost is zero and the gains are real.

---

Deployment reality check

This is where rustypaste genuinely earns its minimalism label. The install story is as simple as self-hosted tools get:

The fast path:

cargo install rustypaste  # or: download binary from GitHub releases

Copy config.toml, configure it, run the binary. That’s a working server [README].

The Docker path: A Docker image and docker-compose.yml are provided in the repository. If you’re already running containers, adding rustypaste is adding a service block [README].

What you actually need:

• A Linux server (or macOS for local use)
• A domain name and a reverse proxy (Caddy is easiest; nginx config examples are in the README) [README]
• No database. No Redis. No external dependencies [README].

What’s packaged where:

• Arch Linux: pacman -S rustypaste (community repo) [README]
• Alpine Linux: apk add rustypaste (Edge community) [README]
• FreeBSD: pkg install rustypaste [README]
• Cargo: cargo install rustypaste [README]

Configuration: A single TOML file. The example config.toml in the repo covers everything: upload limits, auth tokens, paste expiry, MIME handling, deletion settings. Hot-reload means you can tune it without downtime [README].

Realistic setup time:

• Developer who’s deployed Docker before: 15–30 minutes including domain setup.
• Developer who hasn’t used a reverse proxy: 1–2 hours, mostly spent on Caddy/nginx config.
• Non-technical user: not the right tool. The upload workflow is curl. If that’s not your daily driver, the tool won’t serve you.

What can go sideways:

• The one-shot and expiration features require that you configure the cleanup interval correctly, or expired files accumulate on disk. The README provides a cron cleanup script but you have to set it up [README].
• Authentication is a single shared API token. There’s no per-user access control. If you share the token, you share upload access [README].
• The list endpoint exposes all stored filenames to anyone with the auth token. Plan accordingly if you’re using this for sensitive files.

---

Pros and cons

Pros

• No database. Filesystem storage means dead-simple backups (rsync or tar), trivial migration between servers, and zero database maintenance [README].
• Single binary. Deploy it anywhere Rust runs. No runtime dependency chain to manage [README].
• MIT licensed. Embed it, fork it, run it commercially — no restrictions [merged profile].
• Hot-reload config. Change settings without bouncing the process [README].
• One-shot links. Genuinely useful for sharing secrets or temporary credentials that should self-destruct after first view [README].
• CLI-native workflow. If you live in the terminal, the curl interface is faster than any web UI [README].
• Packaged in major distros. Arch, Alpine, FreeBSD — meaning security patches flow through your normal package manager [README].
• Actively maintained. 614 commits, 41 releases, 32 contributors. The project isn’t stagnating [GitHub page].

Cons

• No web upload UI. The built-in HTML form is rudimentary. If your workflow doesn’t include curl, this tool fights you [README].
• Single auth token. No user accounts, no per-upload access control, no audit trail of who uploaded what. For a team, this is a real limitation [README].
• Small community. 1,145 stars puts it in useful-but-niche territory. Stack Overflow answers for rustypaste-specific issues don’t exist. You’ll be reading the source [merged profile].
• No encryption at rest. Files sit on the filesystem in plaintext. If the server is compromised, all pastes are exposed. Use expiring links and one-shot links for anything sensitive [README].
• Third-party client ecosystem is thin. The README mentions rpaste and community clients, but this isn’t a tool with a rich integration ecosystem [README].
• No full-text search. Files are stored by random name. You can list them via the list endpoint, but you can’t search content [README].

---

Who should use this / who shouldn’t

Use rustypaste if:

• You regularly share files, configs, or snippets via curl or shell scripts and want a private endpoint to send them to.
• You’re already running a Linux VPS or home server and want to add a paste service with zero additional infrastructure overhead.
• You want one-shot links for secrets — deploy keys, temporary passwords, internal URLs — that disappear after one read.
• Data sovereignty matters: you want paste data on your hardware under your control, not passing through Pastebin.com or GitHub servers.
• You want URL shortening alongside file hosting without running a separate service.

Skip it if:

• You want a web UI for non-developer teammates to upload files. This is a curl tool.
• You need user accounts, access control, or audit logs. rustypaste has none of that [README].
• You want to share code snippets with syntax highlighting — use Opengist or PrivateBin for that use case [1].
• You’re a non-technical founder who wants to escape SaaS — this isn’t the escape hatch, it’s an infrastructure component for people who manage their own servers.

---

Alternatives worth considering

• PrivateBin — Client-side encrypted, zero-knowledge pastebin. Better choice if you need end-to-end encryption for pastes. More complex to deploy (PHP + optional database). For sensitive text: PrivateBin. For file uploads: rustypaste.
• Opengist — Self-hosted GitHub Gists clone with proper web UI, syntax highlighting, user accounts, and Git-backed storage. Significantly more capable and significantly more to maintain. If you want Gists without GitHub: Opengist [1].
• ExBin — Also written in Rust, also minimal, but with a netcat server interface and code highlighting. Appears alongside rustypaste in tool roundups; the two serve slightly different audiences [1].
• Hastebin (Haste-server) — Classic self-hosted paste tool. Has a web UI and syntax highlighting. Requires Redis or a database. More setup, more power for text pastes; doesn’t handle binary files as cleanly [common knowledge].
• Lstu — URL shortener with optional pastebin functionality. If URL shortening is your primary use case rather than file hosting [1].
• Pastebin.com PRO — If you don’t want to manage a server and your needs fit the feature set ($19.95/year, private pastes, no ads). Valid choice if you trust the vendor.

---

Bottom line

rustypaste is one of those tools that does exactly one thing well and makes no apologies for what it doesn’t do. If your use case is “I want to curl a file to my own server and get a URL back” — including expiring URLs, one-shot links, and URL shortening — this is the cleanest solution in the self-hosted space. No database to run, no runtime dependencies to manage, no vendor to trust with your data.

The honest limitation: it’s a developer tool dressed as infrastructure. The target user is comfortable with curl, can write a simple shell function, and knows how to set up a reverse proxy. If that’s you, setup takes less than an hour and you’ll forget it’s running. If it’s not, the tool will feel broken the moment you realize there’s no upload button anywhere.

For a non-technical founder looking to escape SaaS costs, this isn’t the entry point — tools like Nextcloud (for file sharing), PrivateBin (for encrypted notes), or Activepieces (for automation) are better starting points. rustypaste is for the person deploying those tools who also wants somewhere to paste configs and deployment tokens without feeding them to GitHub or Pastebin. That’s a real need, and rustypaste serves it well.

---

Sources

1. facts.dev — ExBin project details (mentions rustypaste in related tools). https://www.facts.dev/p/exbin/

Primary sources:

• GitHub repository and README — orhun/rustypaste. https://github.com/orhun/rustypaste (1,145 stars, MIT license, 32 contributors, 614 commits)
• Pastebin.com pricing — https://pastebin.com/pro (PRO at $19.95/year, PRO+ at $47.95/year)